-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
138 lines (95 loc) · 4.88 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
This is the README file for LibNetBlock - a library which blocks
programs from accessing the network.
Author: Bogdan Drozdowski, bogdro (at) users . sourceforge . net
License: GPLv3+
================================================================
The binary version of LibNetBlock is linked with the GNU C Library,
licensed under the GNU LGPL:
Copyright (C) 1991,92,93,94,95,96,97,98,99,2000,2001,2002,2003,2004,2005,
2006,2007 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published
by the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
License for more details.
You should have received a copy of the GNU Lesser General Public License
along with the GNU C Library; if not, write to the Free Software Foundation,
Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
================================================================
Requirements for compiling:
- a working C compiler (C++ compilers won't work due to variable casts)
- development package for the C library (like glibc-devel and glibc-headers)
Note that some glibc versions (2.11 is known of this) have a bug in their
dl(v)sym implementation, which may cause LibNetBlock to hang during searching
for the original versions of the substituted C functions. If you observe
this, it is best to upgrade glibc. If not possible, you can start deleting
substituted functions from open() and check each time it your current
version started to work (yes, this decreases security).
The sys/stat.h contains functions needed to check an executable's type.
If it is a symbolic link, LibNetBlock will follow it.
The dlfcn.h header contains functions needed to call the original functions.
It has to have RTLD_NEXT defined. LibNetBlock wouldn't work without this, so
it won't compile without this.
- libdl, the dynamic loading library, with its development package
(unless the required functions are in the C library)
- the 'make' program
Type
./configure
to configure the library for your system.
If you want to enable the public interface of LibNetBlock, configure the
library with
./configure --enable-public-interface
The public interface is compatible with SWIG (http:https://www.swig.org), so
you can make native bindings to LibNetBlock for any supported language.
LibNetBlock allows some programs to be banned (not allowed to run under
LibNetBlock, because they might need accesss to the network). One banning
file is always supported - ${sysconfdir}/libnetblock.progban (${sysconfdir} is
/usr/local/etc unless set otherwise during configure).
If you want to disable additional banning files pointed to by environment
variables, configure the library with
./configure --enable-environment=no
If you want to disable additional banning files in users' home directories,
configure the library with
./configure --enable-user-files=no
Type
make
to compile the library.
Documentation comes complied (and can be copied right away), but can be
changed and recompiled, if you have the 'makeinfo' program
('texinfo' package).
Type
make install
to install the library.
To make LibNetBlock impossible to detect, you must change all the internal
public function names. To do this, you can use the name randomizing scripts
in the src directory. You will need the 'sed' and 'sort' programs and either
Perl or GNU awk.
You can change the name prefix at the top of these scripts to something
unique. When the script is done working, reconfigure, recompile and reinstall
the library.
Thus, a typical build sequence with less detection would be
./configure
cd src
./randomize_names_gawk.sh (or 'make x-randomnames')
cd ..
make
NOTE: 'make install' is NOT recommended. Create and install an RPM package
instead, if possible.
Type 'info libnetblock' (after installation) or 'info doc/libnetblock.info'
(before installation) to get help on installing and loading the library.
=======================================================
Building an RPM package:
1) copy the libnetblock.spec file to $HOME/rpmbuild/SPECS
2) copy the source package libnetblock-XX.tar.gz to $HOME/rpmbuild/SOURCES
3) type
rpmbuild -ba $HOME/rpmbuild/SPECS/libnetblock.spec
4) get the RPMs from $HOME/rpmbuild/RPMS/ and $HOME/rpmbuild/SRPMS
Building an RPM package (the old way):
1) copy the libnetblock.spec file to /usr/src/redhat/SPECS
2) copy the source package libnetblock-XX.tar.gz to /usr/src/redhat/SOURCES
3) type
rpmbuild -ba /usr/src/redhat/SPECS/libnetblock.spec
4) get the RPMs from /usr/src/redhat/RPMS/ and /usr/src/redhat/SRPMS